package com.qq.Servlet.Login;


import com.google.code.kaptcha.Constants;
import com.qq.model.User;
import com.qq.util.DBUtil;
import com.qq.util.MD5Util;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URLEncoder;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

@WebServlet("/login")
public class Login extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        req.getRequestDispatcher("/WEB-INF/jsp/login/form.jsp").forward(req,resp);
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

        String name = req.getParameter("name");
        String password =  req.getParameter("password");
        String message = "";
        //验证码进行判断
        String kaptcha=req.getParameter("kaptcha");
        //session里面的那个随机数,通过这个键KAPTCHA_SESSION_KEY获取
        if (!kaptcha.equals(req.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY)))
        {
            message="验证码不正确";
            message = URLEncoder.encode(message,"utf-8");
            resp.sendRedirect("?"+"message="+message+"&name="+name+"&password="+password);
        }else {
            if(name.equals("")||password.equals("")){
                message ="账号、密码 都不能为空";
                message = URLEncoder.encode(message,"utf-8");
                resp.sendRedirect("?" + "message=" + message + "&name="+ name + "&password="+password);
            }
            else{
                //处理密码,把提交过来的password经过了一次加密运算，我们数据库里存储的是经过加密的密码
                //MD5Util，当我们写了之后，这里的密码都要经过一次加密运算，数据库里要保存加密过了的数据
                //password2主要是为了和数据库进行对比，防止影响其他数据，就是我们只进行对比我们输入的数
                String password2 = MD5Util.getMD5(password);
                Connection con = DBUtil.getConnection();
                try {
                    PreparedStatement pstmt = con.prepareStatement("SELECT * FROM user WHERE name = ?  And password = ?");
                    pstmt.setString(1, name);
                    pstmt.setString(2, password2);
                    ResultSet rs = pstmt.executeQuery();
                    //成功：重定向到“个人中心”  //失败：重定向回 登录页
                    if (rs.next()) {
                        User user = new User(name, password);
                        req.getSession().setAttribute("USER", user);
                        /**这里为什么要加入testweb才能访问到这个页面,
                         * 这里是因为当我们加/了就要把testweb也计算出来
                         *如果不加testweb路径就会是http://localhost:8080/book/index01什么都访问不到
                         */
                        // resp.sendRedirect("/testweb/book/index01");
                        //center过滤器的注解
                        resp.sendRedirect("center/book/index01");
                    } else {
                        message = "你输入的账号密码有误";
                        message = URLEncoder.encode(message, "utf-8");
                        resp.sendRedirect("?" + "message=" + message + "&name=" + name + "&password=" + password);
                    }
                }catch (SQLException e){
                    e.printStackTrace();
                }
            }

        }
        //验证码进行判断的循环
    }
    }

